This privacy statement had been prepared for Q&A (see article 2 for definitions), established in Amersfoort at the address: Koningin Wilhelminalaan 21. The procuct/service ‘Shopfeedback’ (as well as the website www.shopfeedback.eu) are part of Q&A Insights BV.
Unless otherwise expressly provided below, the terms used in this statement, will be used in the sense that General Data Protection Regulation (here in after: ‘GDPR’) gives.
Q&A: Q&A Consultancy BV (kvk 65015061), Q&A Insights BV (58913009).
Personal Data: all information regarding an identified or identifiable natural person (data subject).
Processing of Personal Data: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
This Regulation shall apply to all processing of personal data within Q&A, other than the personal information that individuals/consumers have given in the capacity of individual/consumer.
Q&A will take care of complying with applicable laws and regulations concerning privacy among which the General Data Protection Regulation (GDPR).
Our processing of the personal data shall be lawful because of:
The personal data will only be processed by employees of Q&A insofar as this is necessary for the performance of their duties.
In the case of organising events or retail tours/study trips, it is possible Q&A uses other organisations/subcontractors for the purpose of (among other things) making batches for the people present at the event or for booking overnight stays or flight tickets. In that situation Q&A will hand over the personal data necessary for making the batches or booking the overnight stays etcetera to these organisations. Q&A will inform you which subcontractors she will use, what personal data will be shared with them and for what purpose they will be shared.
The personal data will only be processed, as far as they are, given the purposes described in article five, sufficient, relevant and not excessive.
Q&A will keep confidentiality about the personal data from which she takes note, unless insofar as any legal regulation obliges her to communicate or if the task of the responsible employee results in the communication of the data.
Q&A stores personal data among other things in personal Outlook/exchange boxes, in a CRM system, developed by Q&A and in Excel databases per event. Each employee has access to his/her personal Outlook/exchange system, to the CRM software program and to the Excel databases. The personal assistants also have access to the personal Outlook/exchange boxes of the Managing Director.
Q&A uses external cloud servers of Exonet located in the Netherlands and/or cloud servers of Microsoft located in Europe for the storage of data. Each user of personal data has a confidentiality obligation with regard to the data he or she has authorized access to.
Q&A will take technical and organizational security measures to prevend unauthorized access or unauthorized use of personal data.
Q&A confirms to the obligation to report data leaks.
Q&A won’t provide your personal data to third parties, unless you have given her the necessary permission or unless Q&A is obligated to provide personal data by law or a court decision or if such provision is at the service of the purposes of processing the personal data. We will conclude a processor agreement with companies that process your personal data in our assignment in order to accomplish the same level of security and confidentiality of your personal data. Q&A will stay responsable for these processing activities.
In the case Q&A organizes events where you attend as a participant and where sponsors are involved, Q&A will in most cases provide the sponsors a list of the company names of the participants. Other (personal) data such as your email address/first and last name/telephone number/job title/corporate address/country etc. will only be shared with these sponsors/third parties with your specific permission. The purpose of sharing the data will always be mentioned.
The general storage period for Q&A is 5 years. If the storage period is shorter in specific cases, Q&A will indicate this per specific case. However, if legal storage periods deviate from the two previous sentences, Q&A will adhere to these legal storage periods.
Q&A reserves the right to amend this Privacy Statement. It is advisable to consult this Privacy Statement on our website on a regular basis to stay up to date on these amendments.
You can execute the rights granted to you under GDPR concerning your personal data (among which: the rights on information and access, rectification, erasure, restriction, the right to be forgotten, dataportability and the right to object and the right not to be subjected to automated decision-making) by contacting Sandra Jonker (email@example.com).
We then ask you to prove your identity, on the basis of a valid identification. That way we can check if we provide the personal data to the right person.
Excessive requests in relation to the provision of information may be rejected by us. Excessive requests occur when, for example, you approach us on an above average and unnecessary number of times with information requests.
Any complaints about this statement you can indicate to your own contactperson or to: firstname.lastname@example.org. (Sandra Jonker).
You also have the right to file a complaint to the Supervisory Authority. The ‘Autoriteit Persoonsgegevens’ supervises compliance with the legal rules for the protection of personal data. You can contact the Authority:
Bezuidenhoutseweg 30 2594 AV Den Haag